Application access rule for allowing Calendar permissions to a single mailbox

Satya 20 Reputation points

I created an app registration in Microsoft Entra ID. The purpose is to read/write events in the calendar of an outlook shared mailbox from my NodeJS server code.

Problem is that when i add Application Permissions for Calendar to the app, I can only add them for all users. I looked at Application Access Rules but they have only Deny and Restrict rules. No 'Allow rules'.

I want to know how to restrict the app to only access that one shared mailbox and not the mailboxes of everyone else in the organization.


Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
9,052 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
17,447 questions
0 comments No comments
{count} votes

Accepted answer
  1. Andy David - MVP 133.4K Reputation points MVP

    "restrict" Is the allow.



    New-ApplicationAccessPolicy -AccessRight RestrictAccess -AppId "e7e4dbfc-046f-4074-9b3b-2ae8f144f59b" -PolicyScopeGroupId -Description "Restrict this app's access to members of security group EvenUsers."

    This would allow and restrict the app to just that group ( For a shared mailbox , you may need to add it to a security enabled group and scope to that group)

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful